lazodoh

  1. Hi, I have successfully undertaken all the above tasks and everything looks fine. Thanks a million! I noticed in the other thread, you advised the removal of Java 2 Runtime Environment, SE v1.4.2. I have v1.4.2_03. Is this okay?
  2. Hi, I have gone through the whole process. Ewido found and removed 7 items. Active Scan found 33, but has not removed any. I will be grateful if you could confirm whether it's all okay and what other actions I need to take. All the log files are below. Many thanks, Leo
  3. Hi CalamityJane, I have installed Adaware SE and uploaded the latest definition. I have done a full scan several times and most times, a critical object and some minor ones are found, but adaware is unable to remove them. The infection unfortunately continues. The latest log is shown hereunder. Any help would be appreciated: Ad-Aware SE Build 1.06r1 Logfile Created on:18 May 2006 13:42:57 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R108 17.05.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» ClickSpring(TAC index:6):1 total references MRU List(TAC index:0):5 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 18-05-2006 13:42:57 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Karen\recent Description : list of recently opened documents MRU List Object Recognized! 
Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 864 ThreadCreationTime : 18-05-2006 12:38:42 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 952 ThreadCreationTime : 18-05-2006 12:38:43 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 976 ThreadCreationTime : 18-05-2006 12:38:45 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1020 ThreadCreationTime : 18-05-2006 12:38:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1032 ThreadCreationTime : 18-05-2006 12:38:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1204 ThreadCreationTime : 18-05-2006 12:38:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1252 ThreadCreationTime : 18-05-2006 12:38:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1308 ThreadCreationTime : 18-05-2006 12:38:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [evteng.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 1400 ThreadCreationTime : 18-05-2006 12:38:49 BasePriority : Normal FileVersion : 9, 0, 1, 12 ProductVersion : 9, 0, 0, 0 ProductName : EvtEng Module CompanyName : Intel Corporation FileDescription : EvtEng Module InternalName : EvtEng LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : EvtEng.EXE #:10 [s24evmon.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 1428 ThreadCreationTime : 18-05-2006 12:38:51 BasePriority : Normal FileVersion : 9, 0, 1, 41 ProductVersion : 9, 0, 0, 0 ProductName : Mobile Unit Support Service CompanyName : Intel Corporation FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. InternalName : S24EvMon LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : S24EvMon.exe #:11 [wlkeeper.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 1448 ThreadCreationTime : 18-05-2006 12:38:51 BasePriority : Normal FileVersion : 9, 0, 1, 14 ProductVersion : 1, 0, 0, 1 ProductName : SSOFSet Service CompanyName : Intel® Corporation FileDescription : WLKEEPER InternalName : WLKEEPER LegalCopyright : Copyright © 2004 OriginalFilename : WLKEEPER.exe #:12 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1500 ThreadCreationTime : 18-05-2006 12:38:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:13 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1604 ThreadCreationTime : 18-05-2006 12:38:54 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:14 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1920 ThreadCreationTime : 18-05-2006 12:38:55 BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:15 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1984 ThreadCreationTime : 18-05-2006 12:38:55 BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. 
OriginalFilename : ccEvtMgr.exe #:16 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 164 ThreadCreationTime : 18-05-2006 12:38:56 BasePriority : Normal FileVersion : 6.0.2.211 ProductVersion : 6.0 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002 - 2005 Symantec Corporation OriginalFilename : SndSrvc.exe #:17 [spbbcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\ ProcessID : 244 ThreadCreationTime : 18-05-2006 12:38:56 BasePriority : Normal FileVersion : 2.1.0.4 ProductVersion : 2.1.0.4 ProductName : SPBBC CompanyName : Symantec Corporation FileDescription : SPBBC Service InternalName : SPBBCSvc LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved. OriginalFilename : SPBBCSvc.exe #:18 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ProcessID : 336 ThreadCreationTime : 18-05-2006 12:38:57 BasePriority : Normal FileVersion : 1.9.1.762 ProductVersion : 1.9.1.762 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:19 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1516 ThreadCreationTime : 18-05-2006 12:39:01 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:20 [aolacsd.exe] FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\ ProcessID : 1748 ThreadCreationTime : 18-05-2006 12:39:01 BasePriority : Normal #:21 [defwatch.exe] FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ ProcessID : 1764 ThreadCreationTime : 18-05-2006 12:39:01 BasePriority : Normal FileVersion : 8.00.00.9374 ProductVersion : 8.00.00.9374 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright © 1998 Symantec Corporation OriginalFilename : DefWatch.exe #:22 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1796 ThreadCreationTime : 18-05-2006 12:39:01 BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:23 [navapsvc.exe] FilePath : C:\Program Files\Norton AntiVirus\ ProcessID : 1856 ThreadCreationTime : 18-05-2006 12:39:01 BasePriority : Normal FileVersion : 12.2.0.13 ProductVersion : 12.2.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:24 [nicconfigsvc.exe] FilePath : C:\Program Files\Dell\NICCONFIGSVC\ ProcessID : 1896 ThreadCreationTime : 18-05-2006 12:39:02 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : NicConfigSvc CompanyName : Dell Inc. FileDescription : Internal Network Card Power Management Service InternalName : TestMFCAppWiz LegalCopyright : Copyright © 2004 Dell Inc. 
New critical objects:0
Objects found so far: 6
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
13:53:20 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:22.718
Objects scanned:162518
Objects identified:1
Objects ignored:0
New critical objects:1
ArchiveData(auto-quarantine- 2006-05-18 13-55-16.bckp)
Referencefile : SE1R108 17.05.2006
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Karen\recent\Ad-Aware SE Personal.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\Karen\recent\log18may1354.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Karen\recent\manual.lnk
obj[4]=MRU RegReference : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.chm
obj[5]=MRU RegReference : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.TXT
obj[3]=MRU RegReference : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\search assistant\acmru\5603
obj[6]=MRU RegReference : S-1-5-21-712404442-3115194696-1731748047-1006\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
CLICKSPRING
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=Process : C:\WINDOWS\system32\atmclk.exe
  4. Thanks. I will proceed as per advice.
  5. Hi CalamityJane, My partner's PC (Windows XP) is also infected with the [email protected] virus. Pop-ups (including ###### ads) keep popping up, to the embarrassment of the kids, and the homepage is hijacked. Norton has not detected it, let alone fixed it. I have read the whole thread with interest. However, since the thread has evolved, I was wondering whether you would be kind enough to post a definitive procedure to eliminate this pest. Many thanks, Leo